Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93101 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Computer Checkup


  • This topic is locked This topic is locked
17 replies to this topic

#1 karamazov

karamazov

    Authentic Member

  • Authentic Member
  • PipPip
  • 216 posts

Posted 19 November 2005 - 07:19 PM

Logfile of HijackThis v1.99.1
Scan saved at 7:18:45 PM, on 11/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\Program Files\United Devices\UD.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
E:\Program Files\United Devices\ud_7174683.exe
E:\Program Files\United Devices\ud_7174683_0.dir\ud_ligfit_Release.exe
E:\Program Files\Trillian\trillian.exe
E:\Program Files\Winamp\winamp.exe
C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
C:\Documents and Settings\Hello\Desktop\junk\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.lbouazriq...F9MyogmXEx.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8E1175-F03D-05AD-5B54-520E288A6C33} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [SmcService] E:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "E:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: UD Agent.lnk = United Devices\UD.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - E:\Program Files\Sygate\SPF\smc.exe
O23 - Service: UnrealIRCd - Unknown owner - e:\Program Files\Unreal3.2\wircd.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
Sometimes to maintain your authority in the face of criticism, you have to make stuff up.

    Advertisements

Register to Remove


#2 illukka

illukka

    Retired Staff-Malware Expert

  • Authentic Member
  • PipPipPipPip
  • 834 posts

Posted 26 November 2005 - 03:05 PM

hi
Welcome,
Please follow the instructions provided, you may want to print out these instructions and use them as a reference.

Please download ewido security suite it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display ("Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:

reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
then launch ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido security suite.

reboot back to normal mode, post the ewido report and a log from a fresh hjt scan

#3 karamazov

karamazov

    Authentic Member

  • Authentic Member
  • PipPip
  • 216 posts

Posted 26 November 2005 - 11:00 PM

Logfile of HijackThis v1.99.1
Scan saved at 11:00:06 PM, on 11/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
e:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
E:\Program Files\United Devices\UD.EXE
e:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
E:\Program Files\United Devices\ud_7657531.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
E:\Program Files\Trillian\trillian.exe
E:\Program Files\United Devices\ud_7657531_0.dir\WCGrid_Rosetta.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
e:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
e:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Hello\Desktop\junk\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.lbouazriq...F9MyogmXEx.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8E1175-F03D-05AD-5B54-520E288A6C33} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [SmcService] E:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "E:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [avast!] e:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: UD Agent.lnk = United Devices\UD.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - e:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - e:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - e:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - e:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - E:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: UnrealIRCd - Unknown owner - e:\Program Files\Unreal3.2\wircd.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
Sometimes to maintain your authority in the face of criticism, you have to make stuff up.

#4 illukka

illukka

    Retired Staff-Malware Expert

  • Authentic Member
  • PipPipPipPip
  • 834 posts

Posted 27 November 2005 - 02:35 PM

hi did you by chance save the ewido scan report? could you post it here?

#5 karamazov

karamazov

    Authentic Member

  • Authentic Member
  • PipPip
  • 216 posts

Posted 27 November 2005 - 03:33 PM

--------------------------------------------------------- ewido security suite - Scan report --------------------------------------------------------- + Created on: 10:55:08 PM, 11/26/2005 + Report-Checksum: AB7FF4FB + Scan result: :mozilla.8:C:\Documents and Settings\Hello\Application Data\Mozilla\Firefox\Profiles\b5rrtf58.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.9:C:\Documents and Settings\Hello\Application Data\Mozilla\Firefox\Profiles\b5rrtf58.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.10:C:\Documents and Settings\Hello\Application Data\Mozilla\Firefox\Profiles\b5rrtf58.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.11:C:\Documents and Settings\Hello\Application Data\Mozilla\Firefox\Profiles\b5rrtf58.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.17:C:\Documents and Settings\Hello\Application Data\Mozilla\Firefox\Profiles\b5rrtf58.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.18:C:\Documents and Settings\Hello\Application Data\Mozilla\Firefox\Profiles\b5rrtf58.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.20:C:\Documents and Settings\Hello\Application Data\Mozilla\Firefox\Profiles\b5rrtf58.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.11:C:\Documents and Settings\Hello\Application Data\Mozilla\Profiles\default\jpw1obwa.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.12:C:\Documents and Settings\Hello\Application Data\Mozilla\Profiles\default\jpw1obwa.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.17:C:\Documents and Settings\Hello\Application Data\Mozilla\Profiles\default\jpw1obwa.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup :mozilla.27:C:\Documents and Settings\Hello\Application Data\Mozilla\Profiles\default\jpw1obwa.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup :mozilla.28:C:\Documents and Settings\Hello\Application Data\Mozilla\Profiles\default\jpw1obwa.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup :mozilla.29:C:\Documents and Settings\Hello\Application Data\Mozilla\Profiles\default\jpw1obwa.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup :mozilla.30:C:\Documents and Settings\Hello\Application Data\Mozilla\Profiles\default\jpw1obwa.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup :mozilla.31:C:\Documents and Settings\Hello\Application Data\Mozilla\Profiles\default\jpw1obwa.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup :mozilla.32:C:\Documents and Settings\Hello\Application Data\Mozilla\Profiles\default\jpw1obwa.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup C:\Documents and Settings\Hello\Local Settings\Temp\temp.fr9873 -> Spyware.AdTools : Cleaned with backup C:\Program Files\PestPatrol\Quarantine\20050127170952.zip/Documents and Settings/Hello/Local Settings/Temp/bb.exe -> Spyware.BargainBuddy.l : Error during cleaning C:\Program Files\PestPatrol\Quarantine\20050205115849.zip/Documents and Settings/Hello/Local Settings/Temp/sr.exe -> Spyware.Relevance.b : Error during cleaning C:\Program Files\PestPatrol\Quarantine\20050220172155.zip/WINDOWS/system32/P2P Networking/P2P Networking.exe -> Spyware.P2PNetworking : Cleaned with backup C:\Program Files\PestPatrol\Quarantine\20050220180549.zip/Documents and Settings/Hello/Local Settings/Temporary Internet Files/Content.IE5/NI3CDP8B/p2psetup[1].exe -> Spyware.P2PNetworking : Cleaned with backup C:\Program Files\PestPatrol\Quarantine\20050220180549.zip/WINDOWS/system32/p2p networking/MARSHAL.DLL -> Spyware.P2PNetworking : Cleaned with backup C:\Program Files\PestPatrol\Quarantine\20050911214154.zip/WINDOWS/Downloaded Program Files/popcaploader.dll -> Not-A-Virus.PornWare.PopCap.b : Cleaned with backup C:\RECYCLER\NPROTECT\00037416.ZIP/Documents and Settings/Hello/Local Settings/Temporary Internet Files/Content.IE5/NI3CDP8B/p2psetup[1].exe -> Spyware.P2PNetworking : Cleaned with backup C:\RECYCLER\NPROTECT\00037419.ZIP/Documents and Settings/Hello/Local Settings/Temporary Internet Files/Content.IE5/NI3CDP8B/p2psetup[1].exe -> Spyware.P2PNetworking : Cleaned with backup C:\RECYCLER\NPROTECT\00037419.ZIP/WINDOWS/system32/p2p networking/MARSHAL.DLL -> Spyware.P2PNetworking : Cleaned with backup C:\RECYCLER\NPROTECT\00037420.ZIP/Documents and Settings/Hello/Local Settings/Temporary Internet Files/Content.IE5/NI3CDP8B/p2psetup[1].exe -> Spyware.P2PNetworking : Cleaned with backup C:\RECYCLER\NPROTECT\00037420.ZIP/WINDOWS/system32/p2p networking/MARSHAL.DLL -> Spyware.P2PNetworking : Cleaned with backup C:\RECYCLER\NPROTECT\00037422.ZIP/Documents and Settings/Hello/Local Settings/Temporary Internet Files/Content.IE5/NI3CDP8B/p2psetup[1].exe -> Spyware.P2PNetworking : Cleaned with backup C:\RECYCLER\NPROTECT\00037422.ZIP/WINDOWS/system32/p2p networking/MARSHAL.DLL -> Spyware.P2PNetworking : Cleaned with backup C:\RECYCLER\NPROTECT\00037424.ZIP/Documents and Settings/Hello/Local Settings/Temporary Internet Files/Content.IE5/NI3CDP8B/p2psetup[1].exe -> Spyware.P2PNetworking : Cleaned with backup C:\RECYCLER\NPROTECT\00037424.ZIP/WINDOWS/system32/p2p networking/MARSHAL.DLL -> Spyware.P2PNetworking : Cleaned with backup C:\RECYCLER\NPROTECT\00037425.ZIP/Documents and Settings/Hello/Local Settings/Temporary Internet Files/Content.IE5/NI3CDP8B/p2psetup[1].exe -> Spyware.P2PNetworking : Cleaned with backup C:\RECYCLER\NPROTECT\00037425.ZIP/WINDOWS/system32/p2p networking/MARSHAL.DLL -> Spyware.P2PNetworking : Cleaned with backup C:\RECYCLER\NPROTECT\00037426.ZIP/Documents and Settings/Hello/Local Settings/Temporary Internet Files/Content.IE5/NI3CDP8B/p2psetup[1].exe -> Spyware.P2PNetworking : Cleaned with backup C:\RECYCLER\NPROTECT\00037426.ZIP/WINDOWS/system32/p2p networking/MARSHAL.DLL -> Spyware.P2PNetworking : Cleaned with backup C:\RECYCLER\NPROTECT\00037427.ZIP/Documents and Settings/Hello/Local Settings/Temporary Internet Files/Content.IE5/NI3CDP8B/p2psetup[1].exe -> Spyware.P2PNetworking : Cleaned with backup C:\RECYCLER\NPROTECT\00037427.ZIP/WINDOWS/system32/p2p networking/MARSHAL.DLL -> Spyware.P2PNetworking : Cleaned with backup C:\RECYCLER\NPROTECT\00037428.ZIP/Documents and Settings/Hello/Local Settings/Temporary Internet Files/Content.IE5/NI3CDP8B/p2psetup[1].exe -> Spyware.P2PNetworking : Cleaned with backup C:\RECYCLER\NPROTECT\00037428.ZIP/WINDOWS/system32/p2p networking/MARSHAL.DLL -> Spyware.P2PNetworking : Cleaned with backup C:\RECYCLER\NPROTECT\00037429.ZIP/Documents and Settings/Hello/Local Settings/Temporary Internet Files/Content.IE5/NI3CDP8B/p2psetup[1].exe -> Spyware.P2PNetworking : Cleaned with backup C:\RECYCLER\NPROTECT\00037429.ZIP/WINDOWS/system32/p2p networking/MARSHAL.DLL -> Spyware.P2PNetworking : Cleaned with backup C:\RECYCLER\NPROTECT\00037430.ZIP/Documents and Settings/Hello/Local Settings/Temporary Internet Files/Content.IE5/NI3CDP8B/p2psetup[1].exe -> Spyware.P2PNetworking : Cleaned with backup C:\RECYCLER\NPROTECT\00037430.ZIP/WINDOWS/system32/p2p networking/MARSHAL.DLL -> Spyware.P2PNetworking : Cleaned with backup C:\RECYCLER\NPROTECT\00037431.ZIP/Documents and Settings/Hello/Local Settings/Temporary Internet Files/Content.IE5/NI3CDP8B/p2psetup[1].exe -> Spyware.P2PNetworking : Cleaned with backup C:\RECYCLER\NPROTECT\00037431.ZIP/WINDOWS/system32/p2p networking/MARSHAL.DLL -> Spyware.P2PNetworking : Cleaned with backup C:\RECYCLER\NPROTECT\00037432.ZIP/Documents and Settings/Hello/Local Settings/Temporary Internet Files/Content.IE5/NI3CDP8B/p2psetup[1].exe -> Spyware.P2PNetworking : Cleaned with backup C:\RECYCLER\NPROTECT\00037432.ZIP/WINDOWS/system32/p2p networking/MARSHAL.DLL -> Spyware.P2PNetworking : Cleaned with backup C:\RECYCLER\NPROTECT\00037433.ZIP/Documents and Settings/Hello/Local Settings/Temporary Internet Files/Content.IE5/NI3CDP8B/p2psetup[1].exe -> Spyware.P2PNetworking : Cleaned with backup C:\RECYCLER\NPROTECT\00037433.ZIP/WINDOWS/system32/p2p networking/MARSHAL.DLL -> Spyware.P2PNetworking : Cleaned with backup C:\RECYCLER\NPROTECT\00037434.ZIP/Documents and Settings/Hello/Local Settings/Temporary Internet Files/Content.IE5/NI3CDP8B/p2psetup[1].exe -> Spyware.P2PNetworking : Cleaned with backup C:\RECYCLER\NPROTECT\00037434.ZIP/WINDOWS/system32/p2p networking/MARSHAL.DLL -> Spyware.P2PNetworking : Cleaned with backup C:\RECYCLER\NPROTECT\00037435.ZIP/Documents and Settings/Hello/Local Settings/Temporary Internet Files/Content.IE5/NI3CDP8B/p2psetup[1].exe -> Spyware.P2PNetworking : Cleaned with backup C:\RECYCLER\NPROTECT\00037435.ZIP/WINDOWS/system32/p2p networking/MARSHAL.DLL -> Spyware.P2PNetworking : Cleaned with backup C:\RECYCLER\NPROTECT\00037436.ZIP/Documents and Settings/Hello/Local Settings/Temporary Internet Files/Content.IE5/NI3CDP8B/p2psetup[1].exe -> Spyware.P2PNetworking : Cleaned with backup C:\RECYCLER\NPROTECT\00037436.ZIP/WINDOWS/system32/p2p networking/MARSHAL.DLL -> Spyware.P2PNetworking : Cleaned with backup ::Report End
Sometimes to maintain your authority in the face of criticism, you have to make stuff up.

#6 illukka

illukka

    Retired Staff-Malware Expert

  • Authentic Member
  • PipPipPipPip
  • 834 posts

Posted 29 November 2005 - 02:08 PM

hi

Download System Security Suite here: System Security Suite Download & Tutorial. Unzip it to your desktop. Install the program. Don't use it yet.


Run HijackThis!, press Do A system Scan Only, and put a check mark next to all these:

O2 - BHO: (no name) - {1E8E1175-F03D-05AD-5B54-520E288A6C33} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab


Close all other windows and browsers, and press the Fix Checked button.



With all windows and browsers closed.
Clean out temporary and Temporary Internet Files.
A. Open System Security Suite.
B. In the Items to Clear tab thick:
- Internet Explorer (left pane): Cookies & Temporary files
- My Computer (right pane): Temporary files & Recycle Bin
Press the Clear Selected Items button.
Close the program.

Open Internet Explorer, and click on the Tools menu and then Internet Options. At the General

tab, which should be the first tab you are currently on, click on the Delete Files button and put a checkmark

in Delete offline content. Then press the OK button.

REBOOT normally.

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Run HijackThis! again and post a new log.

Edited by illukka, 01 December 2005 - 06:01 AM.


#7 karamazov

karamazov

    Authentic Member

  • Authentic Member
  • PipPip
  • 216 posts

Posted 29 November 2005 - 08:46 PM

I dont mean to throw you off or anything, but would you mind telling me whats wrong? (I mean that in the nicest way possible) lol, I'm being told to do all this stuff and I dont really know why
Sometimes to maintain your authority in the face of criticism, you have to make stuff up.

#8 illukka

illukka

    Retired Staff-Malware Expert

  • Authentic Member
  • PipPipPipPip
  • 834 posts

Posted 30 November 2005 - 03:47 AM

hi ok there were infections in the logs you posted we have removed some of them, but hijackthis isnt a standalone cleaning tool we need scanners, and scans to show the infections that are not visible in the hijackthis log

#9 karamazov

karamazov

    Authentic Member

  • Authentic Member
  • PipPip
  • 216 posts

Posted 30 November 2005 - 05:11 PM

------------------------------------------------------------------------------- KASPERSKY ON-LINE SCANNER REPORT Tuesday, November 29, 2005 22:25:47 Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky On-line Scanner version: 5.0.67.0 Kaspersky Anti-Virus database last update: 30/11/2005 Kaspersky Anti-Virus database records: 152448 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: standard Scan Archives: true Scan Mail Bases: true Scan Target - Folders: C:\ E:\ Scan Statistics: Total number of scanned objects: 126733 Number of viruses found: 4 Number of infected objects: 10 Number of suspicious objects: 0 Duration of the scan process: 5019 sec Infected Object Name - Virus Name C:\data Infected: Trojan-Downloader.Win32.IstBar.ja C:\Program Files\PestPatrol\Quarantine\20050127170952.zip/Documents and Settings/Hello/Local Settings/Temp/bb.exe/stream/data0005 Infected: Trojan-Clicker.Win32.VB.ex C:\Program Files\PestPatrol\Quarantine\20050127170952.zip/Documents and Settings/Hello/Local Settings/Temp/bb.exe/stream Infected: Trojan-Clicker.Win32.VB.ex C:\Program Files\PestPatrol\Quarantine\20050127170952.zip/Documents and Settings/Hello/Local Settings/Temp/bb.exe Infected: Trojan-Clicker.Win32.VB.ex C:\Program Files\PestPatrol\Quarantine\20050127170952.zip Infected: Trojan-Clicker.Win32.VB.ex C:\Program Files\PestPatrol\Quarantine\20050616122607.zip/Documents and Settings/Hello/Local Settings/Temp/iinstall30200.exe/data0001 Infected: Trojan-Downloader.Win32.IstBar.iu C:\Program Files\PestPatrol\Quarantine\20050616122607.zip/Documents and Settings/Hello/Local Settings/Temp/iinstall30200.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.nn C:\Program Files\PestPatrol\Quarantine\20050616122607.zip/Documents and Settings/Hello/Local Settings/Temp/iinstall30200.exe/data0005 Infected: Trojan-Downloader.Win32.IstBar.ja C:\Program Files\PestPatrol\Quarantine\20050616122607.zip/Documents and Settings/Hello/Local Settings/Temp/iinstall30200.exe Infected: Trojan-Downloader.Win32.IstBar.ja C:\Program Files\PestPatrol\Quarantine\20050616122607.zip Infected: Trojan-Downloader.Win32.IstBar.ja Scan process completed.
Sometimes to maintain your authority in the face of criticism, you have to make stuff up.

#10 karamazov

karamazov

    Authentic Member

  • Authentic Member
  • PipPip
  • 216 posts

Posted 30 November 2005 - 05:13 PM

Logfile of HijackThis v1.99.1
Scan saved at 5:12:49 PM, on 11/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Spybot - Search & Destroy1\TeaTimer.exe
E:\Program Files\United Devices\UD.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
E:\Program Files\United Devices\ud_7174683.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\wscntfy.exe
E:\Program Files\United Devices\ud_7174683_0.dir\ud_ligfit_Release.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Trillian\trillian.exe
C:\Documents and Settings\Hello\Desktop\junk\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.lbouazriq...F9MyogmXEx.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy1\SDHelper.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [SmcService] E:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "E:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy1\TeaTimer.exe
O4 - Startup: UD Agent.lnk = United Devices\UD.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - E:\Program Files\Sygate\SPF\smc.exe
O23 - Service: UnrealIRCd - Unknown owner - e:\Program Files\Unreal3.2\wircd.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
Sometimes to maintain your authority in the face of criticism, you have to make stuff up.

    Advertisements

Register to Remove


#11 illukka

illukka

    Retired Staff-Malware Expert

  • Authentic Member
  • PipPipPipPip
  • 834 posts

Posted 01 December 2005 - 06:00 AM

hi
Download System Security Suite here: System Security Suite Download & Tutorial. Unzip it to your desktop. Install the program. Don't use it yet.


reboot into safe mode

once in safe mode


With all windows and browsers closed.
Clean out temporary and Temporary Internet Files.
A. Open System Security Suite.
B. In the Items to Clear tab thick:
- Internet Explorer (left pane): Cookies & Temporary files
- My Computer (right pane): Temporary files & Recycle Bin
Press the Clear Selected Items button.
Close the program.

Open Internet Explorer, and click on the Tools menu and then Internet Options. At the General

tab, which should be the first tab you are currently on, click on the Delete Files button and put a checkmark

in Delete offline content. Then press the OK button.

REBOOT normally.

post a final hjt log

#12 karamazov

karamazov

    Authentic Member

  • Authentic Member
  • PipPip
  • 216 posts

Posted 01 December 2005 - 03:13 PM

Ok... well, I didnt realize I wanst supposded to, but I did it in safemode the first time
Sometimes to maintain your authority in the face of criticism, you have to make stuff up.

#13 karamazov

karamazov

    Authentic Member

  • Authentic Member
  • PipPip
  • 216 posts

Posted 01 December 2005 - 07:49 PM

Logfile of HijackThis v1.99.1
Scan saved at 7:49:43 PM, on 12/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Spybot - Search & Destroy1\TeaTimer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
E:\Program Files\United Devices\UD.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
E:\Program Files\United Devices\ud_7174683.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
E:\Program Files\United Devices\ud_7174683_0.dir\ud_ligfit_Release.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Hello\Desktop\junk\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.lbouazriq...F9MyogmXEx.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [SmcService] E:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "E:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy1\TeaTimer.exe
O4 - Startup: UD Agent.lnk = United Devices\UD.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - E:\Program Files\Sygate\SPF\smc.exe
O23 - Service: UnrealIRCd - Unknown owner - e:\Program Files\Unreal3.2\wircd.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
Sometimes to maintain your authority in the face of criticism, you have to make stuff up.

#14 illukka

illukka

    Retired Staff-Malware Expert

  • Authentic Member
  • PipPipPipPip
  • 834 posts

Posted 01 December 2005 - 11:53 PM

hi

is this your desired homepage:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.lbouazriq...F9MyogmXEx.html
if not. fix it with hjt

then there is this item

O23 - Service: UnrealIRCd - Unknown owner - e:\Program Files\Unreal3.2\wircd.exe (file missing)

have you installed this program ? if not fix it too

THIS FILE NEEDS TO BE DELETED:
C:\data


reboot again and post a final log, are you still having problems?

#15 karamazov

karamazov

    Authentic Member

  • Authentic Member
  • PipPip
  • 216 posts

Posted 02 December 2005 - 04:09 PM

Logfile of HijackThis v1.99.1
Scan saved at 4:09:11 PM, on 12/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Spybot - Search & Destroy1\TeaTimer.exe
E:\Program Files\United Devices\UD.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
E:\Program Files\United Devices\ud_7174683.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\svchost.exe
E:\Program Files\United Devices\ud_7174683_0.dir\ud_ligfit_Release.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Hello\Desktop\junk\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [SmcService] E:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "E:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy1\TeaTimer.exe
O4 - Startup: UD Agent.lnk = United Devices\UD.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - E:\Program Files\Sygate\SPF\smc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)





And in response to your question, no. But I wasnt really having problems to begin with..
Sometimes to maintain your authority in the face of criticism, you have to make stuff up.

Related Topics



2 user(s) are reading this topic

0 members, 2 guests, 0 anonymous users